No More Giving Away the Master Key

You might not have heard of the Federal desktop core configuration (FDCC). But its ripple effect might reach you eventually. FDCC settings basically lock down desktops and laptops—eliminating users' administrative rights, disabling vulnerable services, and using the most secure versions of Windows components. (For more info see csrc.nist.gov and checklists.nist.gov.)

By today, Federal agencies have to provide a list to the Office of Management and Budget (OMB) of which desktops are running Windows Vista and Windows XP and whether those desktops are compliant with the FDCC settings. They also have to list which desktops aren’t yet compliant and when they might be. Also, software vendors that supply Windows apps to Federal agencies must show that their apps are FDCC compatible.

What does this mean if you don’t work in a Federal agency?

Well, for one thing, the example of an early adopter of the FDCC settings, the US Air Force, shows the advantages many have long known about standardizing the desktop configuration and limiting user privileges. According to SANS NewsBites, when the Air Force became FDCC compatible, it realized three benefits: few applications were negatively affected by the restriction of user privileges; security patches now took days to install rather than weeks; and user problems reported to the Help desk were less complicated to resolve.

For another thing, you might want to have some help if you’re going to follow the Feds and standardize your desktop configuration.

The Air Force used BeyondTrust Privilege Manager at multiple locations to enforce the standardization of its desktops to FDCC requirements. With Privilege Manager, users are able to log in to Windows without administrative privileges and run or install the applications they’re authorized to. Privilege Manager uses the concept of least privilege, originally developed by the Department of Defense 30 years ago.

“In the Windows world, admin rights is the master key,” says BeyondTrust CEO John Moyer. With least privilege, in contrast, the user is assigned only the rights needed to do the job--instead of the master key, a key to a copy room or the broom closet. However, some applications won't work unless the user has admin rights. BeyondTrust Privilege Manager addresses that problem.

With Privilege Manager, users log in as standard users. When an application’s process starts, Privilege Manager adds an administrative token to the list of security tokens associated with that application’s process that determine what a user can do with the app, so that the process is temporarily elevated (if it needs to be elevated). Privilege Manager uses Group Policy to deliver the rule that says what can and can’t be elevated. Privilege Manager doesn’t touch anything else in the Windows security process. “It’s an elegant solution,” Moyer says.

If you know what apps need admin rights and what don’t, you could implement least privilege using Privilege Manager and be done in weeks, he says. If you don’t know what’s on your network as far as apps and what rights they need, the process might take longer. Moyer says BeyondTrust has a policy monitor utility to discover what apps need what privileges. For more information about BeyondTrust Privilege Manager, go to beyondtrust.com.